PT-2016-7549 · Siemens · Simatic Cp 443-1 Advanced+3
Published
2016-11-23
·
Updated
2019-12-12
·
CVE-2016-8672
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.0.53
SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.2.17
SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (affected versions not specified)
SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (affected versions not specified)
Description
A vulnerability has been identified where the integrated web server delivers cookies without the "secure" flag, potentially leading to data leakage in case of clear text transmission. However, modern browsers interpreting the flag would mitigate this issue.
Recommendations
For SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.0.53, update to version V3.0.53 or later.
For SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) versions prior to V3.2.17, update to version V3.2.17 or later.
For SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) and SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants), at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Cp 343-1 Advanced
Simatic Cp 443-1 Advanced
Simatic S7-300 Pn/Dp Cpu
Simatic S7-400 Pn Cpu